January 22, 2019
In autumn 2018, cryptocurrency mining enthusiasts began noticing messages suggesting they install a tool for monitoring cryptocurrency prices. The app’s developers promised a certified, trusted and free widget. At first glance, the program doesn’t raise any suspicions. It has a valid digital signature and works exactly as promised. But behind this seemingly flawless functionality there’s a hidden catch: it will steal your private data.
Upon installation, the program compiles and runs malicious code downloaded from the developer’s personal GitHub account. Once that is done, it loads Trojan.PWS.Stealer.24943, also known among malware developers as AZORult, onto the victim’s device. This Trojan allows cybercriminals to steal a vast amount of private data, including passwords from cryptocurrency wallets.
In most cases encountered by Doctor Web researchers, this malware was distributed in English on forums dedicated to cryptocurrency mining. It was seen less often on Polish and Russian forums dedicated to the same subject.
At present, the Trojan is still available on several file exchanges, as well as on the GitHub account mentioned earlier. Dr.Web products successfully detect and remove this type of malware. That said, our cybersecurity researchers strongly advise you to renew your anti-virus subscription on time and install all the latest updates.